What you can protect… and what you can’t

The rise in ransomware attacks among financial institutions has shown no signs of slowing down. In July of 2020, the Office of Compliance Inspections and Examinations noted an increase in the sophistication of ransomware attacks on SEC registrants. Cybersecurity threats have been rampant during the pandemic, with bad actors taking advantage of the disruption caused by COVID-19. The abrupt shift to working from home or changing office procedures meant that shortcuts or security measures may have been piecemealed together.

But the rise in ransomware and attacks means that community banks need to be on high alert. IT teams must actively monitor and detect threats to their network and have robust response and disaster recovery procedures in place.

The threats are not limited to only what can occur within the walls of the bank. Data breaches caused by third-party providers are, for lack of a better word, common. Such breaches can be costly, both in actual costs and relationships with customers. While banks may routinely require third parties to complete due diligence questionnaires, little is done to assess the risk level or mitigate any shortcomings with said vendors.

For community banks, safeguarding their customer’s personal financial information is paramount. Yet, while ransomware and attacks are on the rise, the methods used have also gotten more sophisticated. This was illustrated plainly with the Solarwinds Orion attack in 2020. As discussed in our feature on ransomware and cybersecurity, the scale and depth of the attack were unprecedented. It took FireEye, a top security firm, to discover and expose the vulnerability.

What the Orion attack revealed is that the best security in the world may not be enough to protect your institution. Yes, you should take every precaution with your firewall, vetting third-party vendors that handle your data, and having tight internal security protocols.

But also know that if someone is determined to wreak havoc on your organization, even your best-laid plans may not be enough.